YUM - description, flags and examples


How to update all packages to their latest version ?

This is about upgrading everything within the same major version, i.e. upgrade packages from RHEL 7.3 to RHEL 7.9. Upgrading to a newer major version is a different process.
  1. check current version
    cat /etc/redhat-release
    Red Hat Enterprise Linux Server release 7.3 (Maipo)
  2. clean + rebuild the cache
    yum clean all && yum makecache
  3. list stuff to upgrade
    yum check-update
  4. update everything
    yum update
  5. check new version
    cat /etc/redhat-release
    Red Hat Enterprise Linux Server release 7.9 (Maipo)
  6. reboot

yum error : [Errno 14] HTTPS Error 403 - Forbidden


yum install / yum update return the error :
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/optional/os/repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden
Trying other mirror.
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden
Trying other mirror.

Error downloading packages:
  open-vm-tools-10.3.10-2.el7.x86_64: [Errno 256] No more mirrors to try.


While investigating, you may try to open the https://cdn.redhat.com/content/dist/... URLs giving the HTTP 403 errors (see links in the error message above), and receive a warning about a security risk / non-secure connection / ... (the message is browser-specific).
  • This is because the certificates used on cdn.redhat.com web servers are signed by a CA which is unknown (hence not trusted) by your web browser.
  • As for Firefox & al. this is no big deal, and not related with the initial issue.
  • subscription-manager tools have the trusted CA built in, so everything's fine regarding HTTPS.
Back to the initial topic, this HTTPS Error 403 - Forbidden looks like a registration / subscription issue.


  1. Check that the right subscription is attached :
    subscription-manager status
  2. Refresh your subscription details :
    subscription-manager refresh
    This fixed the bug for me, no need to go further. See the "source" link below for extra steps.



Install software packages while maintaining dependencies on Red Hat.

Configuration files (details) :

  • /etc/yum.conf : yum main configuration file
  • /etc/yum.repos.d/* : repositories


Flag Usage
-c configFile
use the configuration file, specified either via local path or HTTP/FTP URL
clean clean up various things which accumulate in the yum cache directory over time (examples)
info display description and summary information about available packages
list list various information about available packages. Can have a extra command :
  • all : (default, can be omitted) list all available + installed packages
  • available : list all packages in the yum repositories available to be installed
  • installed : (examples)
  • updates : list all packages with updates available in the yum repositories
makecache fast
download and make usable all the metadata for the currently enabled yum repositories
with fast : just try to make sure the repositories are current
repolist list configured repositories. Filter with all (default) / enabled / disabled
  • yum update : update all installed packages
  • yum update packageX : update packageX only
  • yum update expression : update all packages matching expression
-y --assumeyes assume that the answer to any question which would be asked is yes


Deal with repositories :

List repositories (source) :

  • yum repolist all
  • verbose mode : yum repolist -v
  • repo IDs only : yum repolist | tail -n +4 | head -n -1 | cut -d' ' -f1

An exclamation mark ! leading a repository name means this repository has expired metadata.

Enable / disable a repository (source) :

  • yum-config-manager --enable repositoryId
  • yum-config-manager --disable repositoryId
repositoryId is displayed when listing repositories.

Local repositories :

Your network admin may not want servers to connect to the Internet to get packages, and would set up a local repository instead containing a copy (or a subset) of the public repositories. To use this local repository, you just have to :
  1. instruct Yum of its existence with /etc/yum.repos.d/ourDomain.repo :
    name=repository ourDomain.local redhat 6
  2. mention this repository when invoking yum

Deal with packages :

List installed packages (source) :

yum list installed
list all installed packages
yum list installed docker-ce
search a specific package
You'll have to provide the exact package name. Otherwise :
yum list installed | grep packageSearchPattern
yum list output format (source) :
name.arch		[epoch:]version-release		repo or @installed-from-repo

Search a package :

yum search packageSearchPattern
This displays a list of matching patterns, their version, and the repository they belong to or the string installed when applicable.

Get information on a package :

yum info packageSearchPattern

List files provided by a package (installed or not) :

Install package using a given repository :

yum -c /etc/yum.repos.d/myCompany.repo install fetchmail

Install security updates (source) :

List all updates that are security relevant, and get a return code on whether there are security updates :
yum check-update --security
Upgrade packages that have security errata up to the latest available package :
yum update --security
Upgrade packages that have security errata up to the last security errata package :
yum update-minimal --security

Don't forget -y when running non-interactively (like in an Ansible playbook)

Get a summary of advisories not installed yet :
yum updateinfo summary
Modules complémentaires chargés : product-id, search-disabled-repos, subscription-manager
Updates Information Summary: updates
	28 Bugfix notice(s)
	 4 Enhancement notice(s)
Security: kernel-3.10.0-514.26.1.el7.x86_64 is an installed security update
Security: kernel-3.10.0-514.10.2.el7.x86_64 is the currently running version		reboot !
updateinfo summary done
update vs update-minimal :
yum update
update every currently installed package (and ensure that all dependencies are satisfied)
yum update-minimal updateType
like update, but if you have the package foo-1 installed and have foo-2 (bugfix) and foo-3 (enhancement) available, then update-minimal --bugfix will update you to foo-2.

Clear caches (source) :

yum caches downloaded packages (and metadata) in /var/cache/yum, under the control of the keepcache directive of /etc/yum.conf. You may have to clean this cache to reclaim disk space or to clear errors due to corrupted metadata files.
yum clean all
clean all cached information
yum clean packages
remove cached packages only
yum clean metadata
delete metadata for each enabled repository
yum clean headers
delete package headers